On 02/28/2011 05:22 PM, Timothy Pearson wrote: >> Tim, >> >> I went to register for the bugzilla and found that the confirmation >> request >> from 18.104.22.168 was rejected by postfix because 22.214.171.124 does not >> provide a proper reverse lookup causing: >> <snip> >> It is 'reject_unknown_client' causing the rejection. From: >> http://www.postfix.org/postconf.5.html the rejection is caused when: >> <snip> > Hi David, > > How exactly did you get this error? My reverse DNS checks out OK and I > don't see any problems with a test registration on the Bugzilla. > > Thanks! > > Tim Tim, my postfix setup is: [17:35 nirvana:/home/david/Documents/law/clients-rlf] # postconf -n alias_database = $alias_maps alias_maps = hash:/etc/postfix/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail -a "$EXTENSION" mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 10240000 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain myhostname = nirvana.3111skyline.com mynetworks_style = subnet myorigin = $mydomain newaliases_path = /usr/bin/newaliases proxy_interfaces = 126.96.36.199 queue_directory = /var/spool/postfix readme_directory = no relay_domains = rlfpllc.com, rbpllc.com, rankinfirm.com, rankinlawfirm.com, drrankin.com sample_directory = /etc/postfix/sample sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org <** I had to remove reject_unknown_client from the line above **> smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination unknown_local_recipient_reject_code = 550 Before removing 'reject_unknown_client' from smtpd_client_restrictions, the confirmation email was rejected with (note I've removed the @ signs below and replaced them with ' at '): Feb 28 16:22:22 nirvana postfix/smtpd: NOQUEUE: reject: RCPT from unknown[188.8.131.52]: 450 4.7.1 Client host rejected: cannot find your hostname, [184.108.40.206]; from=<bugs@...> to=<trin at 3111skyline.com> proto=ESMTP helo=<vali.starlink.edu> Feb 28 16:22:22 nirvana postfix/smtpd: disconnect from unknown[220.127.116.11] After removing 'reject_unknown_client' the confirmation came through no problem: Feb 28 16:32:05 nirvana postfix/smtpd: warning: 18.104.22.168: address not listed for hostname pearsoncomputing.net Feb 28 16:32:05 nirvana postfix/smtpd: connect from unknown[22.214.171.124] Feb 28 16:32:05 nirvana postfix/smtpd: 8E24D5FBCD: client=unknown[126.96.36.199] Feb 28 16:32:05 nirvana postfix/cleanup: 8E24D5FBCD: message-id=<201102282222.p1SMMIkD004700@...> Feb 28 16:32:05 nirvana postfix/smtpd: disconnect from unknown[188.8.131.52] Feb 28 16:32:05 nirvana postfix/qmgr: 8E24D5FBCD: from=<bugs@...>, size=2878, nrcpt=1 (queue active) Feb 28 16:32:05 nirvana postfix/local: 8E24D5FBCD: to=<me at 3111skyline.com>, orig_to=<trin at 3111skyline.com>, relay=local, delay=0.4, delays=0.31/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -a "$EXTENSION") Feb 28 16:32:05 nirvana postfix/qmgr: 8E24D5FBCD: removed I wish I could tell you the reason why postfix was rejecting the messages with 'reject_unknown_client' set as a smtpd_client_restrictions entry, but alas, my postfix knowledge doesn't extend that far... But, I can confirm the behavior and let you know what caused the rejection. I can see the lookup for pearsoncomputing.net just fine as well: [17:48 nirvana:/home/david/Documents/law/clients-rlf] # nslookup 184.108.40.206 Server: 192.168.6.17 Address: 192.168.6.17#53 Non-authoritative answer: 220.127.116.11.in-addr.arpa name = pearsoncomputing.net. Authoritative answers can be found from: 118.84.74.in-addr.arpa nameserver = ns2.mcomdc.com. 118.84.74.in-addr.arpa nameserver = ns1.mcomdc.com. However, I think postfix doesn't like the fact that there is no "hostname.pearsoncomputing.net', provided, just a domainname. Fox example, when I do a lookup on my office server, I get: [17:48 nirvana:/home/david/Documents/law/clients-rlf] # nslookup 18.104.22.168 Server: 192.168.6.17 Address: 192.168.6.17#53 Non-authoritative answer: 22.214.171.124.in-addr.arpa name = mail.rbpllc.com. Authoritative answers can be found from: 63.76.66.in-addr.arpa nameserver = ns2.suddenlink.net. 63.76.66.in-addr.arpa nameserver = ns1.suddenlink.net. ns2.suddenlink.net internet address = 126.96.36.199 Notice the "name =" difference. I have a hostname, you just have your domain. Like I said, I'm no postfix expert, but I think that (or something along those lines) is what is happening. -- David C. Rankin, J.D.,P.E.